by kelnage 2496 days ago
If it's a US Federal Government service, you should point out to them that they are going against the explicit recommendation of NIST[1].

1. https://pages.nist.gov/800-63-3/sp800-63b.html#sec5, under 5.1.1.2 Memorized Secret Verifiers, 'Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret.'

1 comments

Sadly the US Federal Government is a massive and unwieldy collection of organizations. I work in the Federal government and my part of it doesn't comply with NIST's modern guidelines at all. They probably will at some point, but department/agency level IT changes take years to be approved.